log_fn(LOG_INFO,"Other side has a cert but it's bad. Closing.");
return -1;
}
- router = look up which router I just connected to. /* XXX */
+ router = router_get_by_pk(pk);
+ if (!router) {
+ log_fn(LOG_INFO,"Unrecognized public key from peer. Closing.");
+ crypto_free_pk_env(pk);
+ }
conn->bandwidth = router->bandwidth;
conn->addr = router->addr, conn->port = router->or_port;
- conn->pkey = crypto_pk_dup_key(router->pkey);
+ conn->pkey = pk;
if(conn->address)
free(conn->address);
conn->address = strdup(router->address);
conn->bandwidth = DEFAULT_BANDWIDTH_OP;
}
} else { /* I'm a client */
+ /* XXX Clients should also verify certificates. */
conn->bandwidth = DEFAULT_BANDWIDTH_OP;
circuit_n_conn_open(conn); /* send the pending create */
}
void router_retry_connections(void);
routerinfo_t *router_pick_directory_server(void);
routerinfo_t *router_get_by_addr_port(uint32_t addr, uint16_t port);
+routerinfo_t *router_get_by_pk(crypto_pk_env_t *pk);
void router_get_directory(directory_t **pdirectory);
int router_is_me(uint32_t addr, uint16_t port);
void router_forget_router(uint32_t addr, uint16_t port);
return NULL;
}
+routerinfo_t *router_get_by_pk(crypto_pk_env_t *pk)
+{
+ int i;
+ routerinfo_t *router;
+
+ assert(directory);
+
+ for(i=0;i<directory->n_routers;i++) {
+ router = directory->routers[i];
+ /* XXX Should this really be a separate link key? */
+ if (0 == crypto_pk_cmp_keys(router->pkey, pk))
+ return router;
+ }
+
+ return NULL;
+}
+
+
void router_get_directory(directory_t **pdirectory) {
*pdirectory = directory;
}
projects / thirdparty / tor.git / commitdiff
